How can I retrieve a file's most recent checksum as reported by Puppet?

I'm running Puppet 3.1, PuppetDB 1.4, and Foreman 1.2, and have looked
through the various APIs as well as /var/lib/puppet/ on each node, but
can't find a specific field for the checksum. I think it used to be in
/var/lib/puppet/state/state.yaml, but was removed in recent Puppet versions due
to inconsistencies <http://projects.puppetlabs.com/issues/5301>. I see
ways to return a node report, but they don't seem to contain the checksum.
I suppose just checking that the file was changed via Puppet is sufficient
in saying that this was an expected change, but it would be nice to also
compare the sum in Puppet vs. the file integrity monitor.

In general, I want to have my real-time file integrity monitor check
against expected Puppet changes so I don't receive alerts from 100s of
servers. I've seen a little discussion on this topic here and there, but
would love to see some more light shed on this particular subject. I
realize that there is a risk involved with NOT sending an alert because
"this change was expected per Puppet", but this to me is better than
getting thousands of alerts each day and actually missing something
important due to info overload.

How do you guys monitor file integrity across many hosts?
I'm using OSSEC syscheck, but still evaluating so I'm open to other tools
and general thoughts on the subject.
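
The correlation asked about above, as an added example that is not part of the original post: a file integrity alert is suppressed only when both the path and the new MD5 match what Puppet logged writing, so a later change to a Puppet-managed file still alerts. The sample lines are constructed, their shapes are assumed to follow Puppet agent log output and OSSEC syscheck alert text, and the function names are hypothetical.

```python
import re

# Constructed sample data. A..D stand in for real MD5 sums.
A, B, C, D = ("1" * 32, "2" * 32, "3" * 32, "4" * 32)
PUPPET_LOG = "\n".join([
    "Notice: /Stage[main]/Ntp/File[/etc/ntp.conf]/content: "
    "content changed '{md5}%s' to '{md5}%s'" % (A, B),
    "Notice: /Stage[main]/Ssh/File[/etc/ssh/sshd_config]/content: "
    "content changed '{md5}%s' to '{md5}%s'" % (A, C),
])
FIM_ALERTS = "\n\n".join([
    # Matches what Puppet wrote: expected change.
    "Integrity checksum changed for: '/etc/ntp.conf'\n"
    "Old md5sum was: '%s'\nNew md5sum is : '%s'" % (A, B),
    # Puppet-managed, but the new sum is not the one Puppet wrote: alert.
    "Integrity checksum changed for: '/etc/ssh/sshd_config'\n"
    "Old md5sum was: '%s'\nNew md5sum is : '%s'" % (C, D),
    # Not touched by Puppet at all: alert.
    "Integrity checksum changed for: '/etc/passwd'\n"
    "Old md5sum was: '%s'\nNew md5sum is : '%s'" % (A, D),
])

# Assumes the File resource title is the file path (no separate path attribute).
PUPPET_RE = re.compile(
    r"File\[(?P<path>[^\]]+)\]/content: content changed "
    r"'\{md5\}[0-9a-f]{32}' to '\{md5\}(?P<new>[0-9a-f]{32})'")
FIM_PATH_RE = re.compile(r"Integrity checksum changed for: '(?P<path>[^']+)'")
FIM_NEW_RE = re.compile(r"New md5sum is\s*: '(?P<new>[0-9a-f]{32})'")

def puppet_expected(log_text):
    """Map each path to the set of MD5 sums Puppet reported writing."""
    expected = {}
    for m in PUPPET_RE.finditer(log_text):
        expected.setdefault(m.group("path"), set()).add(m.group("new"))
    return expected

def triage(log_text, alert_text):
    """Split alerts into 'expected' (path and sum match Puppet) and 'alert'."""
    expected = puppet_expected(log_text)
    result = {"expected": [], "alert": []}
    for block in alert_text.strip().split("\n\n"):
        path = FIM_PATH_RE.search(block)
        if not path:
            continue
        new = FIM_NEW_RE.search(block)
        # An alert without a parseable sum is never suppressed.
        ok = new and new.group("new") in expected.get(path.group("path"), ())
        result["expected" if ok else "alert"].append(path.group("path"))
    return result

if __name__ == "__main__":
    print(triage(PUPPET_LOG, FIM_ALERTS))
```
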